Because many of the hash-functions implemented by LTC use the length of the input when padding the input out to a block-length, LTC keeps track of the input length in a 64-bit integer. However, it did not previously test for overflow of this value. Since many of the hash-functions implemented by LTC are defined for inputs of length 2^128 bits or more, this means that LTC was incorrectly implementing these hash functions for extremely long inputs. Also, this might have been a minor security problem: A clever attacker might have been able to take a message with a known hash and find another message (longer by 2^64 bits) that would be hashed to the same value by LTC. Fortunately, LTC uses a pre-processor macro to make the actual code for hashing, and so this problem could be fixed by adding an overflow-check to that macro.
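The wrap-around described in the commit message above, shown as an added example that is not taken from the commit or from libtomcrypt's source: an unchecked 64-bit bit-length counter beside a checked one. The struct, function names and error code are hypothetical, and the counter value is constructed so that one more byte makes it wrap.

```c
#include <stdint.h>
#include <stdio.h>

#define EX_OK            0
#define EX_HASH_OVERFLOW 1   /* hypothetical error code for this example */

/* Hypothetical hash state: only the bit-length counter used for padding. */
struct ex_hash_state {
    uint64_t length_bits;
};

/* Unchecked update: the counter silently wraps modulo 2^64. */
static void ex_len_add_unchecked(struct ex_hash_state *st, uint64_t inlen_bytes)
{
    st->length_bits += inlen_bytes * 8;
}

/* Checked update: reject input that would wrap the counter, leave state intact. */
static int ex_len_add_checked(struct ex_hash_state *st, uint64_t inlen_bytes)
{
    uint64_t add_bits;

    if (inlen_bytes > UINT64_MAX / 8)             /* bytes-to-bits would wrap */
        return EX_HASH_OVERFLOW;
    add_bits = inlen_bytes * 8;
    if (add_bits > UINT64_MAX - st->length_bits)  /* running total would wrap */
        return EX_HASH_OVERFLOW;
    st->length_bits += add_bits;
    return EX_OK;
}

int main(void)
{
    /* Constructed state: counter is 8 bits short of 2^64. */
    struct ex_hash_state a = { UINT64_MAX - 7 };
    struct ex_hash_state b = { UINT64_MAX - 7 };

    ex_len_add_unchecked(&a, 1);
    printf("unchecked counter after 1 more byte: %llu\n",
           (unsigned long long)a.length_bits);
    printf("checked update returns: %d\n", ex_len_add_checked(&b, 1));
    return 0;
}
```

With the unchecked counter, the length encoded in the padding is the true length modulo 2^64 bits, so two inputs whose lengths differ by 2^64 bits are padded with the same length field.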
libtomcrypt
See doc/crypt.pdf for detailed documentation.
Project Status
Submitting patches
Please branch off from develop if you want to submit a patch.
Branches
Please be aware that all branches besides master and develop can and will be force-pushed, rebased and/or removed!
If you want to rely on such an unstable branch, create your own fork of this repository to make sure nothing breaks for you.